Incomplete GDPR scope in the introduction

[vl-gx]

What's the issue?

This section describes the General Data Protection Regulation (GDPR) in an incomplete way :

For organizations based in EU countries, both country-specific regulation and EU Directives may apply. For example, Directive
96/46/EC4 and Regulation (EU) 2016/679 (General Data Protection Regulation) make it mandatory to treat personal data in
applications with due care, whatever the application.

The GDPR target not only EU companies but businesses anywhere in the world as long as data from EU citizens is collected.

A good source to check : https://gdpr.eu/what-is-gdpr

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and
passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data
related to people in the EU.

How do we solve it?
Update the example.

Would you like to be assigned to this issue?

• Assign me, please!

[kingthorin]

It’s only an example, an additional sentence can be added for further clarity. But, it isn’t a treatise on GDPR, getting stuck deep in details won’t really help things and will likely miss the mark for the section/paragraph.

[rbsec]

Despite what the EU sometimes claims, it doesn't actually have the authority to define laws in other countries.

Organisations that do not operate in the EU are under no more obligation to follow GDPR than they are to follow, for example, China's "Computer Information Network and Internet Security, Protection, and Management Regulations", or any other laws from other counties.